Report - ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

Report Overview

Submitted URL
ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
IP
199.59.243.223
ASN
#16509 AMAZON-02
Submitted
2023-05-06 10:29:37
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
8
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10	2023-05-06	3.2 kB	60 kB	142.250.74.164
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2023-05-06	981 B	2.1 kB	142.250.74.97
ww25.anpmnmxo.biz	unknown	2022-01-31	2023-03-03	2023-05-05	3.4 kB	28 kB	199.59.243.223
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-06	1.3 kB	2.8 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-05-06 10:29:22	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-06	medium	ww25.anpmnmxo.biz/js/parking.2.104.9.js
2023-05-06	medium	ww25.anpmnmxo.biz/_fd?subid1=20230506-2022-4719-816e-f3f198a40d2d
2023-05-06	medium	ww25.anpmnmxo.biz/_tr

mnemonic secure dns

Scan Date	Severity	Indicator
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz
2023-05-06	medium	anpmnmxo.biz

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d	439 B	2023-05-06	2023-05-06
Pretty URL ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-06 12:29:38 Last Seen2023-05-06 12:29:38 Times Seen1 Hash d7627636f0276a4455e06f8335651580 64c69611be21fcc60a5224d6c0dfd2f733f2d3fe 770e5e74bfbf05bc488c1d66f3fa28b7c26799cec46538b532ccd9d850181eb1 Loading...

	ww25.anpmnmxo.biz/js/parking.2.104.9.js	69 kB	2023-05-03	2023-05-10
Pretty URL ww25.anpmnmxo.biz/js/parking.2.104.9.js IP 199.59.243.223 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 21:41:31 Last Seen2023-05-10 22:09:44 Times Seen1147 Hash fc0add3f511e88e8b76fb4d99385e79d db7c675436018d9cadea0faa1e1ab3d0e149fd70 5fa30919d2af0a6153e6dbc2cdb0a06232dd5341ac72a423599289d4039b8027 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-05-02	2023-05-16
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 18:49:40 Last Seen2023-05-16 18:09:03 Times Seen1185 Hash e709ab03976c91cd0334efad43b2d1d7 730444624bdeaf12ee15fed97d4176458f0e1eb6 c9830055d1d6ae43520ba4b381b8a43d384fcfc888814a21199f8faf6e9fdf22 Loading...

	www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230506-2022-4719-816e-f3f198a40d2d&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=1381683368964191&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1683368964193&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Frohrbhkf%3Fsubid1%3D20230506-2022-4719-816e-f3f198a40d2d&adbw=master-1%3A1264	6.6 kB	2023-05-06	2023-05-06
Pretty URL www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230506-2022-4719-816e-f3f198a40d2d&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=1381683368964191&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1683368964193&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Frohrbhkf%3Fsubid1%3D20230506-2022-4719-816e-f3f198a40d2d&adbw=master-1%3A1264 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-06 12:29:38 Last Seen2023-05-06 12:29:38 Times Seen1 Hash f2e3b798719cdc5e62db0c778f8eb4ec 811074a3b5fd15dda64da357b8a74a9151721815 11642156aa974a2282df533eaeba12995e772a88f49ec1d158eaa3f15e56c1c0 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-05-02	2023-05-15
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 18:49:59 Last Seen2023-05-15 18:52:14 Times Seen739 Hash 7bb31d71af937f676973bf4250777949 5317f0625d6e8cca88b3e052ab29f49ed91124a6 25d03cafbe522aae05283a51289da70a15bb1bc932c32f7d3cb1a8537b9a72b1 Loading...

HTTP Transactions (17)

URL IP Response Size

ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

199.59.243.223

740 B

URL User Request GET
ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
IP
199.59.243.223:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (987), with no line terminators
Size
740 B (740 bytes)
Hash
32e1b4ba280a947f55552675b32946c3
c0441e540b6b240de96c9131eced40816a3051a7
e7cb1ac4cc8f0e6ecabbc87ed3641caa5de8dd8440cdd0efefac8fe78212c8ef

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 06 May 2023 10:29:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f; expires=Sat, 06-May-2023 10:44:21 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_iLZfzQeblngTywndPcbF4XhGT0YrPrgFKMTlri/kYRrZGjHsEDOAyzThlqklic5L7B5OuU9+IqrF/PmTYmVyhA==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.anpmnmxo.biz/js/parking.2.104.9.js

199.59.243.223

200 OK

22 kB

URL GET HTTP/1.1
ww25.anpmnmxo.biz/js/parking.2.104.9.js
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22161 bytes)
Hash
4373b6882998614499e168219b1e44ca
6591de3f6d18020cc8de3549f9a87115b44bea8b
e93edbb073fa2a6feedcdcec64b6d6b2f9e85b481f11ad8f5a66facac76cb101

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /js/parking.2.104.9.js HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 06 May 2023 10:29:21 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 May 2023 19:31:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.anpmnmxo.biz/_fd?subid1=20230506-2022-4719-816e-f3f198a40d2d

199.59.243.223

200 OK

1.9 kB

URL POST HTTP/1.1
ww25.anpmnmxo.biz/_fd?subid1=20230506-2022-4719-816e-f3f198a40d2d
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

File type
ASCII text, with very long lines (3745), with no line terminators
Size
1.9 kB (1895 bytes)
Hash
64caf209b0be337fd8d76a18c96ff4e6
13b3a654127d719711f4d9ff18e4226d45cfa155
aa3356348253f45dcf18743e94970b62e71d49d1c254c66d4a32009180ad1473

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /_fd?subid1=20230506-2022-4719-816e-f3f198a40d2d HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Content-Type: application/json
Origin: http://ww25.anpmnmxo.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 06 May 2023 10:29:22 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f; expires=Sat, 06-May-2023 10:44:22 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.anpmnmxo.biz/px.gif?ch=1&rn=0.6678759964944494

199.59.243.223

200 OK

42 B

URL GET HTTP/1.1
ww25.anpmnmxo.biz/px.gif?ch=1&rn=0.6678759964944494
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=1&rn=0.6678759964944494 HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 06 May 2023 10:29:22 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ww25.anpmnmxo.biz/px.gif?ch=2&rn=0.6678759964944494

199.59.243.223

200 OK

42 B

URL GET HTTP/1.1
ww25.anpmnmxo.biz/px.gif?ch=2&rn=0.6678759964944494
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /px.gif?ch=2&rn=0.6678759964944494 HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 06 May 2023 10:29:22 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
02ba75903f02c48b30395328fff9927e
43f817f355059ed03490ef1bab8ff0deffbfe744
53a5ffd09f760367667dd07ef2d98936e2e49d616ed75fcac4ccf1182c89ca0e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 10:29:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww25.anpmnmxo.biz/favicon.ico

199.59.243.223

200 OK

0 B

URL GET HTTP/1.1
ww25.anpmnmxo.biz/favicon.ico
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 06 May 2023 10:29:22 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-216.ec2.internal
Accept-Ranges: bytes

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

54 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint22:2A:81:06:18:D1:68:C5:1A:F7:E4:D9:FB:DF:C4:9B:E3:FD:BF:6E
ValidityMon, 17 Apr 2023 08:26:19 GMT - Mon, 10 Jul 2023 08:26:18 GMT

File type
data
Size
54 kB (54248 bytes)
Hash
1ff83efd168b10ae3cb3e564efd8390e
47cf2ba01b857590703b82b3375bf90849a20cb4
08bc74d4007e0aac6c5cc74e5c423bc09fdafc0274783ac374df789a54eb1865

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 06 May 2023 10:29:22 GMT
expires: Sat, 06 May 2023 10:29:22 GMT
cache-control: private, max-age=3600
etag: "4184804653183365243"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230506-2022-4719-816e-f3f198a40d2d&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=1381683368964191&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1683368964193&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Frohrbhkf%3Fsubid1%3D20230506-2022-4719-816e-f3f198a40d2d&adbw=master-1%3A1264

142.250.74.164

200 OK

2.2 kB

URL GET HTTP/3
www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230506-2022-4719-816e-f3f198a40d2d&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=1381683368964191&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1683368964193&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Frohrbhkf%3Fsubid1%3D20230506-2022-4719-816e-f3f198a40d2d&adbw=master-1%3A1264
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5749)
Size
2.2 kB (2182 bytes)
Hash
eef73158e412874040d97cef7b40d732
bb1839f60edecbc8622d7b46579084470b24fcc2
043b134e00d3020340304bdda2704377fea30d6238dc27d907b4306571664753

HTTP Headers

GET /afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230506-2022-4719-816e-f3f198a40d2d&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=1381683368964191&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1683368964193&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Frohrbhkf%3Fsubid1%3D20230506-2022-4719-816e-f3f198a40d2d&adbw=master-1%3A1264 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sat, 06 May 2023 10:29:22 GMT
expires: Sat, 06 May 2023 10:29:22 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-J6r7y2G8OKZTSqk1ke6c-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2182
x-xss-protection: 0
set-cookie: CONSENT=PENDING+194; expires=Mon, 05-May-2025 10:29:22 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
83dad3af2b1ee0e4ce48cc6b69d62a79
df5b55e2b188311fc398f0e7d08e34a924a9e9c2
5f89aa03d3930f0afe5e5bce6e90473130d26ff85a49e2e97d1c73504debca9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 10:29:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
83dad3af2b1ee0e4ce48cc6b69d62a79
df5b55e2b188311fc398f0e7d08e34a924a9e9c2
5f89aa03d3930f0afe5e5bce6e90473130d26ff85a49e2e97d1c73504debca9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 10:29:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.97

200 OK

278 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230506-2022-4719-816e-f3f198a40d2d&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=1381683368964191&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1683368964193&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Frohrbhkf%3Fsubid1%3D20230506-2022-4719-816e-f3f198a40d2d&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Size
278 B (278 bytes)
Hash
bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 05 May 2023 23:05:24 GMT
expires: Sat, 06 May 2023 22:05:24 GMT
cache-control: public, max-age=82800
age: 41038
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b

142.250.74.97

200 OK

174 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol130%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol310%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol441&client=dp-bodis30_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww25.anpmnmxo.biz%3Fcaf%26subid1%3D20230506-2022-4719-816e-f3f198a40d2d&terms=cyber%20security%2Copen%20threat%20exchange%2Ccyber%20threats&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2936916502645281&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002&format=r3&nocache=1381683368964191&num=0&output=afd_ads&domain_name=ww25.anpmnmxo.biz&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1683368964193&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1264&psh=79&frm=0&cl=528505921&uio=-&cont=rs&jsid=caf&jsv=528505921&rurl=http%3A%2F%2Fww25.anpmnmxo.biz%2Frohrbhkf%3Fsubid1%3D20230506-2022-4719-816e-f3f198a40d2d&adbw=master-1%3A1264
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
ValidityMon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
76243f91f45c199f29a2f9764e77fa55
b1ed51f71738d78aac5092ac24184c51dd85bd6a
428f3f236ea430d0bd41a7766888b04a7445773ee4be7597944be1f53327ec96

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 06 May 2023 06:00:13 GMT
expires: Sun, 07 May 2023 05:00:13 GMT
cache-control: public, max-age=82800
age: 16149
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
83dad3af2b1ee0e4ce48cc6b69d62a79
df5b55e2b188311fc398f0e7d08e34a924a9e9c2
5f89aa03d3930f0afe5e5bce6e90473130d26ff85a49e2e97d1c73504debca9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 May 2023 10:29:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww25.anpmnmxo.biz/_tr

199.59.243.223

200 OK

22 B

URL POST HTTP/1.1
ww25.anpmnmxo.biz/_tr
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d

File type
ASCII text, with no line terminators
Size
22 B (22 bytes)
Hash
5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /_tr HTTP/1.1
Host: ww25.anpmnmxo.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Content-Type: application/json
Content-Length: 1773
Origin: http://ww25.anpmnmxo.biz
DNT: 1
Connection: keep-alive
Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 06 May 2023 10:29:23 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=86df9203-e8e0-f810-f0b8-417c03673f8f; expires=Sat, 06-May-2023 10:44:23 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=m0dqnnrgmsq&aqid=AixWZMjyH4j-3wOq6ZyQCw&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=8%7C0%7C314%7C52%7C275&lle=0&ifv=1&usr=1

142.250.74.164

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=m0dqnnrgmsq&aqid=AixWZMjyH4j-3wOq6ZyQCw&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=8%7C0%7C314%7C52%7C275&lle=0&ifv=1&usr=1
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=m0dqnnrgmsq&aqid=AixWZMjyH4j-3wOq6ZyQCw&psid=3113057640&pbt=bs&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=8%7C0%7C314%7C52%7C275&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-JwRPkvPCcFNMop8aFVtT0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sat, 06 May 2023 10:29:24 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=Q5Rv4UNmPwZyeNzkKpjfF-vXTO8xcv4xjK2qrY8lO0wUOlSxPIEd3ZylkP7bPs6kI9emBFdWp4e3BaVeGSq5oSbZYPwcP0nSRuInDAgLWwXo1hxN1r1NOf8KIpg8MVCuwC_e-jdZeiOnWcPqufVaZ3DoFMalEgIXnKwqp1aqp3A; expires=Sun, 05-Nov-2023 10:29:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+269; expires=Mon, 05-May-2025 10:29:24 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=4em59rjbmfyl&aqid=AixWZMjyH4j-3wOq6ZyQCw&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=8%7C0%7C314%7C52%7C275&lle=0&ifv=1&usr=1

142.250.74.164

204 No Content

0 B

URL GET HTTP/3
www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=4em59rjbmfyl&aqid=AixWZMjyH4j-3wOq6ZyQCw&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=8%7C0%7C314%7C52%7C275&lle=0&ifv=1&usr=1
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
http://ww25.anpmnmxo.biz/rohrbhkf?subid1=20230506-2022-4719-816e-f3f198a40d2d
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintA3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
ValidityMon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=4em59rjbmfyl&aqid=AixWZMjyH4j-3wOq6ZyQCw&psid=3113057640&pbt=bv&adbx=290&adby=145&adbh=481&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=528505921&csala=8%7C0%7C314%7C52%7C275&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww25.anpmnmxo.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-3q1V0JkzAG3VXBfa4AH8lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sat, 06 May 2023 10:29:25 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=Ku4rgc-tFn0u5Vcrxu1PIiuhigyw_7Mp-9gwTC32tLmIyZelREHcMnRMpaWIsiQ2a0xkFvrwSzmyxrWYNMX1IfPSOxKMWfKCC-F6g9-b4JjKTcpU2IWM_PbWKJp7DFFXe9ZZAR40llZNBkc_6LidATR14UhCE4zJPlipAg79KkI; expires=Sun, 05-Nov-2023 10:29:25 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+955; expires=Mon, 05-May-2025 10:29:25 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL POST HTTP/1.1